I have a client hit with a ransomware virus that encrypted all his data and converted it all to the following format:

(filename)-BAA14811.bitcoinrush@aol.com.xtbl

I know this is a Russian virus, and I know that the BAA14811 part is the unique infection ID. However, I've been unable to find the HTML files it generates upon completion. Perhaps the virus never completed its work. Anyway, the client's entire law firm is stored on this drive, all backups failed, so they are willing to pay.

Anyone know where the website to pay this ransom is? Or have a sample HTML file from one like this?

It's Troldesh. There are numerous reports that even people that have paid the ransom were unable to decrypt their files.

We have found some way to brute force *some* of these variants, so there *might* be a way to decrypt. If you're interested, I can take a look. Send me one or two infected files (it is important that they're untouched) and I will analyze them for you.
